[QUOTE]\nYou, for a small company? What about John Doe, computer user sittiing\nat home with one or more PCs trying to set up on any connection? He\nexpects his ISP to support whatever hardware he has, but can he also expect\nthem to provide, install, configure and support additional hardware to\nprotect him? Also are these fixed addresses or dynamic?[/QUOTE]\n\nDuh, a home user with 253 computer would be delighted to have DHCP\nprovide the basic NAT functions without him having to purchase any\nthird-party appliance. Not to mention the additional security benefit at\nno cost to the user or the ISP.\n\nThe LAN side would be DHCP, the WAN side doesn't matter as most people\nget a DHCP address anyway - reservations could do the static IP if\nrequested.\n[QUOTE]\nA matter of scale, the biggies can afford bulk licenses, but the little\nguys are still out there. During my time as a tech at one small ISP, the\nquestion came up about providing at cost Antivirus software. The only\nproblem was that the cost quoted by NAV & McA was close to retail and they\nrequired that we provide hosting for the downloads. Not cost effective to\nour operation nor the customer.[/QUOTE]\n\nI think you misunderstand, the large ISP's don't license anything, they\nprovide the "Free" version and the AV vendor hopes the exposure leads to\nfull product sales - it's a win/win for the ISP/AV Vendor.\n[QUOTE]\nBut connections need to be robustly dynamic and support a plethora of\ntechnologies. Cost of management becomes an issue. There is also an issue\nof replacing hardware.[/QUOTE]\n\nBS, the ISP's modems almost all support NAT, and that doesn't change\nanything or cause any increase in MTBF.\n[QUOTE]\nA good plan, but not very functional in the real world due to the\ndiversity of interest one has to support. Believe it or not some people do\nsend legitimate attachments with those file extensions. You also mention\ncustomers Email systems. Yes we did that , but the issue is with John Smith\nInternet user, not corporate clients. With a corporate system you can\nexecute a much tighter control scheme.[/QUOTE]\n\nNo, some people don't send legitimate attachments with those extensions,\nthey are stupid if they do. Anyone with any common sense will rename the\nfile, will zip it, will change it as any quality email scanner will\nremove it. I've seen stupid support companies send DLL's and EXE files\nto clients, and they are always rejected, the same should be expected to\nanyone - any quality shop will not send executable files to anyone, only\na idiot does that.\n[QUOTE]\nOne of the best and actually least expensive set-ups we implemented for\na customer on a budget was a series of old servers (zero hardware cost) they\nalready owned set up in three layers to handle their Email. Layer one was\nantispam and consisted of two servers running Free BSD and Postfix, software\ncost zero. The second layer had two servers running Linux and a modified\nantivirus application that utilized NAV to scan all in inbound Email and\nattachments, this included compressed files, software cost about 0.00.\nThe third layer was the actual mail server running NT and Imail software\ncost ,000 at the time(approx).[/QUOTE]\n\nBut NAT and Proper AV + Email scanning costs nothing for most ISP and\nclients.\n[QUOTE]\nBut again this is not a viable option on a public Email server.\n\n\nActive warnings don't seem to have much effect either. We produced a\nmonthly newsletter to our users an even with large red flashing letters\nannouncing a new threat and linked to the very item on the threats pages did\nnot do much to increase customer awareness. Though there would always be a\nsmall bump in customer calls to tech support wanting help to deal with the\nproblem. People seem to want a tech support guided tutorial on fixing the\nproblem rather than taking a few minutes to read. All that being said maybe\nthere are just more ethnically inept people out there that we gave the\npopulation at large, or at least the portion covered by our customer base,\ncredit for[/QUOTE]\n\nSorry, but notices on a regular basis are also passive and ignored.\nActive is the ISP using NAT by default.\n[QUOTE]\nBroadband yes, and BTW with the FCCs new ruling on DSL the provider list\nis about to get a lot smaller. Smart users yes, but there are any number of\nilluminated idiots out there that only have half a clue and scream bloody\nmurder when they finally realize they are over their heads.\n\n\nMozilla is not perfect, but a good answer. All you would have to do is\nchange peoples habits a bit and get them to accept something that is not\nexactly like what they are using now. For the early adopters and the[/QUOTE]\n\nYou can change the habits of the masses they are happy to remain\nignorant - you have to provide them with a painless method that they\ndon't have to understand or they won't use it.\n[QUOTE]\ntechnically proficient, this is unnecessary as they don't need anyone disk,\njust the basic settings and addresses for the servers and their off and\nrunning. A 3x5 note card would suffice. For others no disk will ever cover\nall they need to know should they ever take the time to fully utilize what\nis offered. There is and always will be hardware (MAC, x86, ???) issues.\nWhat works on a shiny new Dell et al, may or may not work on some ones\nlegacy machine. Then there is the issue of OS, what are you running, today?\n\nAt present I have a client that has one machine that just doesn't like\nNAV '05. NAV tech support has yet to resolve the issue and looks to lose a\ndedicated customer. He has several machines from a 486sx running Win95 to a\nGen 4 with XP, but one of his two older matching 550 MHz WIN Me machines\ncan't seem to get a good install. Surprisingly it's the one with a true\nIntel chip (the other is a Celeron). Going to try AVG this after noon on\nit. Sad part is the guy is a real straight arrow and actually own licensed\ncopies for every piece of software he's got on his machines. I think he\nstill has every machine (up and running) he's ever bought and they are his\nextended families home network.\n\n\nYou have over simplified this a bit. For the big national/regional\nproviders, usually they are being hosted by a third party server farm that\nis subject to limitations that vary from company to company. For the little\nguy it is a balance between performance and cost to eak out a profit.\nSpeaking of cost, the install disk are cheap, but the licensed install\nsoftware is not unless it is home brewed and even then programmers aren't[/QUOTE]\n\nIf you think that the ISP's actually buy a license you've missed the\nboat - they give users the "Free" / "Personal" version and it is the\nexposure to the product that the vendor is hoping will get them sales.\nAny ISP that actually licenses software for their clients is missing the\nboat and doesn't understand sales/marketing.\n[QUOTE]\nthat cheap even if you go overseas. That's why most offer dynamic IP\naddressing and charge extra for fixed IP addresses. Though a good router\nmakes this a non-issue. Then to there is a side benefit from this in that\nit reduces bandwidth hogs who want to set up servers and do low end\nweb/FTP/wares hosting, massive P2P file sharing, etc., on a residential\naccount. The original provisioning of the first residential broadband\nproviders did not for see this and got slammed by such inconsiderate types.\nAnd this upped the cost as well for said services[/QUOTE]\n\nWhich supports my stating that ISP's should enable the NAT function on\ntheir modems by default and only provide non-nat mode to those that know\nenough to ask for it.\n[QUOTE]\nHuman nature isn't that savvy. Most folks will go with the cheapest\nthey can get for the minimum reliability they can stand. That's how the\nprofit. Many don't even offer Usenet.[/QUOTE]\n\nAny my statement is proven, if you do NAT, since D/U users only need\nminimal services, you protect your network and the Net at the same time.